Analysis and mitigation of information exposure on interest management in massively multiplayer online games
Date of Issue2017-01-03
School of Computer Science and Engineering
Parallel and Distributed Computing Centre
Massively Multiplayer Online Games (MMOGs) have achieved unambiguously success over the last decade. The technology offers great chances for millions of geographically distributed people to connect together and enjoy immersed experience in the Virtual Environment (VE). Although most published games rely on client/server architecture today, the centralized architecture suffers from scalability issues. Alternatively, Peer-to-Peer (P2P) is considered as a challenging but reasonable solution to replace client/server architecture. The network architecture is responsible for exchanging a number of game states among players in every round of the game. To make network efficient, Interest Management (IM) is commonly applied in games to reduce unnecessary network communications. However, without trusted server deployed by game operator, P2P based games usually rely on players' computers to perform IM. Since game programs can be eavesdropped or modified by players, IM on P2P architecture is vulnerable to Information Exposure (IE) attacks, i.e., the attack aiming for purposely obtaining the victim's sensitive information without authorization. IE attacks on P2P based IM lead to the expose of sensitive information such as player's position to the attacker. Mitigating such attacks is challenging. Firstly, P2P based IM is running on players' computers whose behaviors are unpredictable. Secondly, IE attacks are hardly to be detected because they can be performed without modifying the game program. Thirdly, the mitigation to IE attacks must avoid consuming excessive network bandwidth in order to fulfill the original purpose of IM, i.e. reducing unnecessary bandwidth consumption. Mitigation to IE attacks requires the above challenges to be solved but currently, solutions are still missing. This is the very task of this thesis, designing P2P based IM schemes that can mitigate IE attacks. The thesis starts by formalizing IE attacks on IM schemes as interactive protocols with adversary behaviors. Criteria such as correctness, secrecy and bandwidth usage are proposed to verify candidate IM schemes' functionality and evaluate their mitigation effectiveness. Two novel IM schemes are proposed in this thesis to mitigate IE attacks. The first one is called SAFE which relies on privacy preserving protocol to obfuscate sensitive information. The second one is called PP2P which relies on an isolated execution environment called trusted block to protect sensitive information and operations. Especially, an implementation of trusted block is provided, which is based on hardware virtualization and trusted computing. Evaluations are applied to the proposed IM schemes via model checking and simulation, and the experiment results show both schemes have significant effects on mitigating IE attacks. We hope this thesis can be valuable to academia especially on privacy preserving computation, hardware virtualization, trusted computing and formal verification. The proposed evaluation properties can become a widely used standard for evaluating IM schemes. We also expect our proposed schemes can be adopted by game industry to allow game users to enjoy fairer games, and to protect game operators from declined revenue caused by cheating issues.